Monday morning at 1:40 AM, I received an email from a client of ours concerned about a message she received. Submitted via her site’s contact form (full text below), the message stated that the sender had found a vulnerability within the organization’s website and thus would be able to get their database credentials and move the information to an offshore server. The message went on to detail a long list of draconian threats that would be inflicted upon my client if she didn’t pay a “small fee” of $2000 to stop the attack.
By now, you probably have popcorn in hand and are waiting for me to tell you, where was my client’s database? It was fully intact with no breaches and doing just fine. We carefully checked the client’s website and were able to verify that the site’s logs were clean and no breach had occurred. This is the latest bitcoin email scam. The idea is to try and get business owners, who don’t know that no breach has happened, to pay a ransom to stop a threatened harm. The ransom is charged in Bitcoin which is fully anonymous and untrackable.
So, what should you do if you receive an email such as this? My best advice: if the text resembles what is shown below, just walk away and do what you were planning to do next with your day (perhaps feed your sourdough starter or wash your dog). This is a scam and doesn’t deserve your attention. But, if you prefer to check things out and make sure everything is all right, a Sucuri Site Check will be able to identify if there is a file that contains malicious script.
Full (redacted) text of the email:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website http://www.XXXXXXX.com and extracted your databases.
How did this happen? Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.XXXXXX.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).
Send the bitcoin to the following Bitcoin address (Copy…
Read more:Bitcoin Scams and Your Website